Spyware in 700 Million Android Smartphones secretly sends SMS to China every 72 hours

A mobile security firm recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages.

Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other Android data to a Chinese server. The code comes preinstalled on Android phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Virginia, United States. Kryptowire is a US Homeland Security contractor.

The Chinese company that is responsible for the creation of the software, Shanghai Adups Technology Company, says its code runs on more than 700 million Android phones, cars and other smart devices. It claims a market share of over 70% across 150 countries. One American phone manufacturer, BLU Products, said that 120,000 of its Android phones had been affected and that it had updated the software to eliminate the feature. Adups also provides its software to ZTE and Huawei (Update: Huawei statement below).

According to TheHackerNews, AdUps spyware does the following without the user’s permission:

  • Collect and Send SMS texts to AdUps’ server every 72 hours.
  • Collect and Send call logs to AdUps’ server every 72 hours.
  • Collect and Send user personally identifiable information (PII) to AdUps’ server every 24 hours.
  • Collect and Send the smartphone’s IMSI and IMEI identifiers.
  • Collect and Send geolocation information.
  • Collect and Send a list of apps installed on the user’s device.
  • Download and Install apps without the user’s consent or knowledge.
  • Update or Remove apps.
  • Update the phone’s firmware and Re-program the device.
  • Execute remote commands with elevated privileges on the user’s device.

The backdoor has been discovered in two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled or removed by the user.
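An added example, not from the article or from Kryptowire: a check for the two package names above in the output of `adb shell pm list packages -f`. The function names and the sample listing (including its APK paths) are constructed for illustration.

```python
from dataclasses import dataclass

# The two package names given in the article; nothing else is matched.
ADUPS_PACKAGES = {"com.adups.fota", "com.adups.fota.sysoper"}
# Read-only partitions: an APK here shipped with the firmware image.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/odm/", "/oem/")

@dataclass(frozen=True)
class Finding:
    package: str
    apk_path: str       # empty when the listing was taken without -f
    preinstalled: bool  # True when the APK sits on a read-only partition

def parse_pm_line(line):
    """Return (package, apk_path) for one `pm list packages [-f]` line, or None."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    body = line[len("package:"):]
    # With -f the form is <apk path>=<package>. Paths under /data/app on
    # recent Android can contain '=' themselves, so split on the last one.
    if "=" in body:
        path, _, name = body.rpartition("=")
        return name, path
    return body, ""

def find_adups(pm_output):
    """Return a Finding for each listed package that is one of the two Adups names."""
    findings = []
    for line in pm_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None:
            continue
        name, path = parsed
        # Exact match: a substring search for "com.adups.fota" would also
        # hit com.adups.fota.sysoper and report the same app twice.
        if name in ADUPS_PACKAGES:
            findings.append(Finding(name, path, path.startswith(SYSTEM_PREFIXES)))
    return sorted(findings, key=lambda f: f.package)

# Constructed sample listing (paths are placeholders, not real device paths).
SAMPLE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/ExampleFota/ExampleFota.apk=com.adups.fota
package:/system/app/ExampleSysoper/ExampleSysoper.apk=com.adups.fota.sysoper
package:/data/app/~~Zm9v==/com.example.notes-YmFy==/base.apk=com.example.notes
"""

if __name__ == "__main__":
    for f in find_adups(SAMPLE):
        print(f"{f.package}\t{f.apk_path}\tpreinstalled={f.preinstalled}")
```

A hit with `preinstalled=True` matches the article's description of a system application that the user cannot remove through normal settings.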

Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional, reports The New York Times. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said.

Besides BLU Products, Kryptowire said it has notified Google, AdUps, as well as Amazon, which is the exclusive retailer of the BLU R1 HD, of its findings.

Google issued a statement saying that the company is working with all affected parties to patch the issue, though the tech giant said that it doesn’t know how widely AdUps distributed its software.

[Source] – The New York Times
[Source] – Kryptowire

[Update, 18 Nov:] Huawei told MalaysianWireless “The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them,” referring to the Shanghai Adups Technology Company.

About Kugan

Kugan is the founder of MalaysianWireless. He has been observing the mobile industry since 2006. Connect with him on Twitter: @scamboy
  • Wanda900

    Whenever you buy those China-branded phones, it’s best you clean up their customized apps and only leave the most essential and basic in-house apps around. Some of these system apps can only be removed properly if you root your phone and install a root uninstaller app which requires root privilege access.

    Also, it is odd for a country to host its own spying servers in its own backyard so that other people who discover their existence pin it on them. Secondly, what is the background of this startup company that is based in China? Do they have foreign interests, or are they associated with overseas funding? How do they know so much about Android internal coding, and why did it take so long for US security experts to unveil it?

  • Chip

    And that’s why I never buy China-branded phones nor ones assembled in China, no matter how interesting the spec and price. The news has lingered around since 2010-ish, but China as usual keeps denying it and burying the evidence, so this sort of stuff turned into a kind of conspiracy theory. If I remember correctly, Canada caught some execs from Huawei and investigated them on account of espionage and cyber attacks. You might want to look around at the statistics of cyber attacks that happened on US government websites. Malaysia? It is just a matter of time.

    But if you did buy those, clean up properly before usage. This is very important if you use your phone for corporate, government and security use. All those pics, documents and data that you see, transfer or save in your phone every day may be worth nothing to you, but worth billions to the one who knows how to manipulate them.